/*     */ package com.zimbra.cs.servlet.util;
/*     */ 
/*     */ import com.zimbra.common.account.Key.AccountBy;
/*     */ import com.zimbra.common.account.Key.DomainBy;
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.util.HttpUtil;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.LogFactory;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.AuthToken;
/*     */ import com.zimbra.cs.account.AuthTokenException;
/*     */ import com.zimbra.cs.account.Domain;
/*     */ import com.zimbra.cs.account.GuestAccount;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ import com.zimbra.cs.account.Server;
/*     */ import com.zimbra.cs.account.auth.AuthContext.Protocol;
/*     */ import com.zimbra.cs.service.AuthProvider;
/*     */ import com.zimbra.cs.service.UserServletException;
/*     */ import com.zimbra.cs.servlet.ZimbraServlet;
/*     */ import java.io.IOException;
/*     */ import java.util.HashMap;
/*     */ import java.util.Map;
/*     */ import javax.servlet.http.HttpServletRequest;
/*     */ import javax.servlet.http.HttpServletResponse;
/*     */ import org.apache.commons.codec.binary.Base64;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class AuthUtil
/*     */ {
/*  46 */   private static Log mLog = LogFactory.getLog(AuthUtil.class);
/*     */   
/*     */ 
/*     */   public static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
/*     */   
/*     */ 
/*     */   public static final String HTTP_AUTH_HEADER = "Authorization";
/*     */   
/*     */ 
/*     */   public static boolean isAdminRequest(HttpServletRequest req)
/*     */     throws ServiceException
/*     */   {
/*  58 */     int adminPort = Provisioning.getInstance().getLocalServer().getIntAttr("zimbraAdminPort", -1);
/*  59 */     if (req.getLocalPort() == adminPort)
/*     */     {
/*  61 */       int mailPort = Provisioning.getInstance().getLocalServer().getIntAttr("zimbraMailPort", -1);
/*  62 */       if (mailPort == adminPort) {
/*  63 */         return getAdminAuthTokenFromCookie(req) != null;
/*     */       }
/*  65 */       return true;
/*     */     }
/*  67 */     return false;
/*     */   }
/*     */   
/*     */   public static AuthToken getAuthTokenFromCookie(HttpServletRequest req, HttpServletResponse resp) throws IOException
/*     */   {
/*  72 */     return getAuthTokenFromHttpReq(req, resp, false, false);
/*     */   }
/*     */   
/*     */   public static AuthToken getAuthTokenFromCookie(HttpServletRequest req, HttpServletResponse resp, boolean doNotSendHttpError) throws IOException
/*     */   {
/*  77 */     return getAuthTokenFromHttpReq(req, resp, false, doNotSendHttpError);
/*     */   }
/*     */   
/*     */   public static AuthToken getAuthTokenFromHttpReq(HttpServletRequest req, boolean isAdminReq) {
/*  81 */     AuthToken authToken = null;
/*     */     try {
/*  83 */       authToken = AuthProvider.getAuthToken(req, isAdminReq);
/*  84 */       if (authToken == null) {
/*  85 */         return null;
/*     */       }
/*  87 */       if ((authToken.isExpired()) || (!authToken.isRegistered())) {
/*  88 */         return null;
/*     */       }
/*  90 */       return authToken;
/*     */     } catch (AuthTokenException e) {}
/*  92 */     return null;
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   public static AuthToken getAuthTokenFromHttpReq(HttpServletRequest req, HttpServletResponse resp, boolean isAdminReq, boolean doNotSendHttpError)
/*     */     throws IOException
/*     */   {
/* 100 */     AuthToken authToken = null;
/*     */     try {
/* 102 */       authToken = AuthProvider.getAuthToken(req, isAdminReq);
/* 103 */       if (authToken == null) {
/* 104 */         if (!doNotSendHttpError)
/* 105 */           resp.sendError(401, "no authtoken cookie");
/* 106 */         return null;
/*     */       }
/*     */       
/* 109 */       if ((authToken.isExpired()) || (!authToken.isRegistered())) {
/* 110 */         if (!doNotSendHttpError)
/* 111 */           resp.sendError(401, "authtoken expired");
/* 112 */         return null;
/*     */       }
/* 114 */       return authToken;
/*     */     } catch (AuthTokenException e) {
/* 116 */       if (!doNotSendHttpError)
/* 117 */         resp.sendError(401, "unable to parse authtoken"); }
/* 118 */     return null;
/*     */   }
/*     */   
/*     */   public static AuthToken getAdminAuthTokenFromCookie(HttpServletRequest req)
/*     */   {
/* 123 */     return getAuthTokenFromHttpReq(req, true);
/*     */   }
/*     */   
/*     */   public static AuthToken getAdminAuthTokenFromCookie(HttpServletRequest req, HttpServletResponse resp) throws IOException
/*     */   {
/* 128 */     return getAuthTokenFromHttpReq(req, resp, true, false);
/*     */   }
/*     */   
/*     */   public static AuthToken getAdminAuthTokenFromCookie(HttpServletRequest req, HttpServletResponse resp, boolean doNotSendHttpError) throws IOException
/*     */   {
/* 133 */     return getAuthTokenFromHttpReq(req, resp, true, doNotSendHttpError);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   public static Account basicAuthRequest(HttpServletRequest req, HttpServletResponse resp, ZimbraServlet servlet, boolean sendChallenge)
/*     */     throws IOException, ServiceException
/*     */   {
/* 144 */     if (!AuthProvider.allowBasicAuth(req, servlet)) {
/* 145 */       return null;
/*     */     }
/*     */     
/* 148 */     return basicAuthRequest(req, resp, sendChallenge);
/*     */   }
/*     */   
/*     */   public static final class AuthResult {
/*     */     public final boolean sendErrorCalled;
/*     */     public final Account authorizedAccount;
/*     */     
/* 155 */     public AuthResult(Account authAcct, boolean calledSendError) { this.sendErrorCalled = calledSendError;
/* 156 */       this.authorizedAccount = authAcct;
/*     */     }
/*     */   }
/*     */   
/*     */   public static AuthResult basicAuthRequest(HttpServletRequest req, HttpServletResponse resp, boolean sendChallenge, ZimbraServlet servlet)
/*     */     throws IOException, ServiceException
/*     */   {
/* 163 */     if (!AuthProvider.allowBasicAuth(req, servlet)) {
/* 164 */       return new AuthResult(null, false);
/*     */     }
/* 166 */     Account acct = basicAuthRequest(req, resp, sendChallenge);
/* 167 */     return new AuthResult(acct, acct == null);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   public static Account basicAuthRequest(HttpServletRequest req, HttpServletResponse resp, boolean sendChallenge)
/*     */     throws IOException, ServiceException
/*     */   {
/*     */     try
/*     */     {
/* 177 */       return basicAuthRequest(req, !sendChallenge);
/*     */     } catch (UserServletException e) {
/* 179 */       if (e.getHttpStatusCode() == 401) {
/* 180 */         if (sendChallenge) {
/* 181 */           resp.addHeader("WWW-Authenticate", getRealmHeader(req, null));
/* 182 */           resp.sendError(e.getHttpStatusCode(), e.getMessage());
/*     */         }
/*     */       } else
/* 185 */         resp.sendError(e.getHttpStatusCode(), e.getMessage());
/*     */     }
/* 187 */     return null;
/*     */   }
/*     */   
/*     */ 
/*     */   public static Account basicAuthRequest(HttpServletRequest req, boolean allowGuest)
/*     */     throws IOException, ServiceException, UserServletException
/*     */   {
/* 194 */     String auth = req.getHeader("Authorization");
/*     */     
/*     */ 
/* 197 */     if ((auth == null) || (!auth.startsWith("Basic "))) {
/* 198 */       throw new UserServletException(401, "must authenticate");
/*     */     }
/*     */     
/*     */ 
/* 202 */     String userPass = new String(Base64.decodeBase64(auth.substring(6).getBytes()), "UTF-8");
/*     */     
/* 204 */     int loc = userPass.indexOf(":");
/* 205 */     if (loc == -1) {
/* 206 */       throw new UserServletException(400, "invalid basic auth credentials");
/*     */     }
/*     */     
/* 209 */     String userPassedIn = userPass.substring(0, loc);
/* 210 */     String user = userPassedIn;
/* 211 */     String pass = userPass.substring(loc + 1);
/*     */     
/* 213 */     Provisioning prov = Provisioning.getInstance();
/*     */     
/* 215 */     if (user.indexOf('@') == -1) {
/* 216 */       String host = HttpUtil.getVirtualHost(req);
/* 217 */       if (host != null) {
/* 218 */         Domain d = prov.get(Key.DomainBy.virtualHostname, host.toLowerCase());
/* 219 */         if (d != null) { user = user + "@" + d.getName();
/*     */         }
/*     */       }
/*     */     }
/* 223 */     Account acct = prov.get(Key.AccountBy.name, user);
/*     */     
/* 225 */     if (acct == null) {
/* 226 */       if (allowGuest) {
/* 227 */         return new GuestAccount(user, pass);
/*     */       }
/*     */       
/* 230 */       throw new UserServletException(401, "invalid username/password");
/*     */     }
/*     */     try {
/* 233 */       Map<String, Object> authCtxt = new HashMap();
/* 234 */       authCtxt.put("ocip", ZimbraServlet.getOrigIp(req));
/* 235 */       authCtxt.put("remoteip", ZimbraServlet.getClientIp(req));
/* 236 */       authCtxt.put("anp", userPassedIn);
/* 237 */       authCtxt.put("ua", req.getHeader("User-Agent"));
/* 238 */       prov.authAccount(acct, pass, AuthContext.Protocol.http_basic, authCtxt);
/*     */     } catch (ServiceException se) {
/* 240 */       throw new UserServletException(401, "invalid username/password");
/*     */     }
/*     */     
/* 243 */     return acct;
/*     */   }
/*     */   
/*     */   public AuthToken cookieAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServiceException
/*     */   {
/* 248 */     AuthToken at = isAdminRequest(req) ? getAdminAuthTokenFromCookie(req, resp, true) : getAuthTokenFromCookie(req, resp, true);
/* 249 */     return at;
/*     */   }
/*     */   
/*     */   public static String getRealmHeader(HttpServletRequest req, Domain domain) {
/* 253 */     String realm = null;
/*     */     
/* 255 */     if (domain == null)
/*     */     {
/* 257 */       String host = HttpUtil.getVirtualHost(req);
/* 258 */       if (host != null) {
/*     */         try
/*     */         {
/* 261 */           domain = Provisioning.getInstance().getDomain(Key.DomainBy.virtualHostname, host.toLowerCase(), true);
/*     */         } catch (ServiceException e) {
/* 263 */           mLog.warn("caught exception while getting domain by virtual host: " + host, e);
/*     */         }
/*     */       }
/*     */     }
/*     */     
/* 268 */     if (domain != null) {
/* 269 */       realm = domain.getBasicAuthRealm();
/*     */     }
/* 271 */     return getRealmHeader(realm);
/*     */   }
/*     */   
/*     */   public static String getRealmHeader(String realm) {
/* 275 */     if (realm == null)
/* 276 */       realm = "Zimbra";
/* 277 */     return "BASIC realm=\"" + realm + "\"";
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/servlet/util/AuthUtil.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */